EXAMINER'S ANSWER



This is in response to the appeal brief filed 02/25/2010 appealing from the Office action mailed 
11/25/2009. 

(1) Real Party in Interest

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial proceedings 
which will directly affect or be directly affected by or have a bearing on the Board's decision in 
the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 
No amendment after final has been filed. 

(5) Summary of Claimed Subject Matter 

The summary of claimed subject matter contained in the brief is correct. 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is correct. 

(7) Claims Appendix

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

6,988,075 Hacker et al. 1-2006

2002/0010679 Felsher 1-2002 

Mandl, et al. "Public Standards and Patients' Control: How to Keep Electronic Medical Records
Accessible but Private" BMJ, Feb. 2001; 322, pages 283-287.

(9) Grounds of Rejection

The following ground(s) of rejection are applicable to the appealed claims: 
Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claims 1-4 and 20-27 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Hacker (6,988,075; hereinafter Hacker) in view of Kenneth D Mandl, Peter Szolovits, Isaac S
Kohane, David Markwell, and Rhona MacDonald, Public standards and patients' control: how
to keep electronic medical records accessible but private • Commentary: Open approaches
to electronic patient records • Commentary: A patient's viewpoint, BMJ, Feb 2001; 322: 283-287
(hereinafter Mandl).

3. As per claim 1, Hacker discloses a computer-implemented method of permitting
controlled access to medical information comprising: 

(1) supplying medical information of the patient to a central repository by the patient and 
any medical providers who have treated the patient (Hacker: col. 7, lines 21-27); 

(2) storing and maintaining the medical information of the patient in the central 
repository (Hacker; col. 7, lines 21-27); 

(3) accessing the medical information by the patient from an access device using a unique
patient identifier and a patient PIN (Hacker: col. 7, lines 56-66). 

(3) assigning each authorized user with a unique authorized user ID (Hacker: col. 7, 43- 
66) and an authorized user PIN (Hacker: col. 7, 43-50; i.e. alphanumeric passphrases; col. 7, 
60-66) and tracking and notifying the patient of an identity of a user who accessed the medical 
information, what was accessed by the user, and when the user accessed the information 
(Hacker: col. 7, 66-col. 8, 3). Although Hacker does not explicitly teach who accessed the 
medical information, it is obvious that who accessed the medical information is a pertinent 
information and the prior art suggests providing the information of who accessed the medical 
information. 

Hacker does not explicitly teach controlling by the patient an authorization and a scope of
access to the medical information by modifying an access control list within the patient's profile
when the patient is connected to the central repository; and wherein the access control list lists
each authorized user and the assigned role of each authorized user, wherein the scope of access
includes which items of medical information are available to an assigned role and how that
information will be viewed.

Mandl teaches: 

(3) controlling by the patient an authorization and a scope of access to the medical
information by modifying an access control list within the patient's profile when the patient is
connected to the central repository (Mandl: p. 284, section Confidentiality).

wherein the access control list lists each authorized user and the assigned role of each
authorized user, wherein the scope of access includes which items of medical information are
available to an assigned role and how that information will be viewed (Mandl: p. 284, section
Confidentiality).

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine the teachings with the motivation of providing a user with managing their own health 
record and providing a user with a secure data repository of their own medical record (Mandl). 

4. As per claim 3, Hacker discloses the method of claim 1, wherein the access device is
controlled using a universally unique identifier (Hacker: col. 7, lines 42-63).

5. As per claim 4, Hacker discloses the method of claim 1, wherein said controlling step is 
overridden by a registered emergency provider (Hacker: col. 7, lines 66-67). 

6. As per claims 20 and 22-23, it is an article of manufacture claim which repeats the same 
limitations of claims 1 and 3-4, the corresponding method claim, as a collection of executable 
instructions stored on machine readable media as opposed to a series of process steps. Since the 
teachings of Hacker and Mandl disclose the underlying process steps that constitute the method 
of claims 1 and 3-4, it is respectfully submitted that they likewise disclose the executable 
instructions that perform the steps as well. As such, the limitations of claims 20 and 22-23, are 
rejected for the same reasons given above for claims 1 and 3-4. 

7. As per claims 24 and 26-27, they are system claims which repeat the same limitations of 
claims 1 and 3-4, the corresponding method claims, as a collection of elements as opposed to a 
series of process steps. Since the teachings of Hacker and Mandl disclose the underlying 
process steps that constitute the methods of claims 1 and 3-4, it is respectfully submitted that
they provide the underlying structural elements that perform the steps as well. As such, the 
limitations of claims 24 and 26-27 are rejected for the same reasons given above for claims 1 
and 3-4. 

8. Claims 16-18 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hacker
(6,988,075; hereinafter Hacker) in view of Kenneth D Mandl, Peter Szolovits, Isaac S Kohane,
David Markwell, and Rhona MacDonald and further in view of Felsher (2002/0010679;
hereinafter Felsher).

9. As per claim 16, Hacker and Mandl disclose the method of claim 1, but do not teach 
wherein the patient is compensated for permitting some of the medical information to be 
available and used by a research institution. 

Felsher teaches wherein the patient is compensated for permitting some of the medical 
information to be available and used by a research institution (Felsher: para. 310). 

It would have been obvious to one of ordinary skill in the art at the time of the invention 
to combine the teachings with the motivation of providing a medical history that may be of 
critical importance to the future of healthcare (Felsher: para. 7) and the need for privacy and
security of a patient's information (Felsher: para. 17). 

10. As per claim 17, Hacker and Mandl disclose the method of claim 1, but do not teach 
wherein during a doctor visit the patient provides access to the medical information for a time 
period long enough to support the visit at which point the access times out. 

Felsher teaches wherein during a doctor visit the patient provides access to the medical
information for a time period long enough to support the visit at which point the access times out 
(Felsher: para. 354). 

The motivation to combine the teachings is the same as claim 16. 

11. As per claim 18, Hacker and Snowden disclose the method of claim 1, but do not teach
wherein access to the patient's medical information expires when a physician logs into another
room/appointment.

Felsher teaches wherein access to the patient's medical information expires when a 
physician logs into another room/appointment (Felsher: para. 359; i.e. second communication 
session). 

The motivation to combine the teachings is the same as claim 16. 



(10) Response to Argument 

Claims 1, 20, and 24

Appellant argues that Hacker does not teach both a patient unique identifier and an 
authorized identifier. Examiner disagrees. The claim limitations "accessing the medical 
information by the patient from an access device using a unique patient identifier and a patient 
PIN" and "assigning each authorized user with a unique authorized user ID and an authorized 
user PIN" do not differentiate the difference between the patient identifier and an authorized user 
ID. The claim limitations are broad enough to encompass both the interpretation of the examiner 
and the Appellant. Hacker teaches providing each patient a unique identification and a
passphrase, which is provided to the appropriate medical providers; medical providers access the 
information using a patient identification and entering the passphrase provided to the medical 
providers by the patient. 

Appellant argues that Mandl does not teach using an access control list as the mechanism 
for controlling access to medical records, furthermore stating that granting different access
rights to different providers based on their role is not the same as using an access control list as 
the mechanism for controlling access. Examiner states that Mandl teaches providing the patients 
the right to decide who can examine and alter what part of their medical records. Mandl further 
teaches letting the individual control preferences about different aspects of his or her medical 
history and authorized independently based on the role of the providers. 

Appellant argues that Hacker does not track and notify the patient identity of the user who
accessed the medical information, what was accessed by the user, and when the user accessed the 
information. Examiner disagrees. Hacker teaches notification to the patient as to what 
information was released to the emergency medical personnel, including time, location, pages 
accessed, etc. Examiner states that Hacker teaches who accessed the medical information by 
providing the emergency personnel the override and then providing that information to the 
patient. Furthermore Hacker teaches providing information through e-mail preauthorized by the 
patient to the medical provider (col. 8, 25-40). 

Claims 3-4, 22-23, and 26-27

Appellant argues that Hacker does not teach a universally unique identifier. Examiner
disagrees. Hacker teaches accessing information using unique access identification means, but 
protecting sensitive information with a passphrase, which is not necessary if not accessing 
sensitive information therefore providing a universally unique identifier. 

Appellant argues that Hacker does not teach the mechanism of registration of emergency 
providers that would prevent the access to information by those searching for private information 
and posing to be an emergency provider. In response to appellant's argument that the references 
fail to show certain features of applicant's invention, it is noted that the features upon which 
applicant relies (i.e., prevent the access to information by those searching for private information 
and posing to be an emergency provider) are not recited in the rejected claim(s). Although the 
claims are interpreted in light of the specification, limitations from the specification are not read 
into the claims. See In re Van Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993).
Hacker teaches controlling step is overridden by a registered emergency provider.

Claims 16-18

Appellant argues that Felsher does not disclose that during a doctor visit the patient 
provides access to the medical information for a time period long enough to support the visit at 
which point the access times out. Felsher teaches that once the password is verified, the user is 
authenticated for the duration of the session (i.e. long enough to support the visit) or providing a 
maximum timeout limit, such as 15 minutes, but not limited to 15 minutes. 

Appellant argues that Felsher does not disclose expiration of an access if a physician logs 
onto another computer. Examiner disagrees. Felsher teaches reverification of the user for access 
after the time limit parameters, therefore providing expiration of a session if not within the time
limit parameters set forth by the patient. 

(11) Related Proceeding(s) Appendix 

No decision rendered by a court or the Board is identified by the examiner in the Related 
Appeals and Interferences section of this examiner's answer. 



For the above reasons, it is believed that the rejections should be sustained. 

Respectfully submitted, 

/Sheetal R. Rangrej/ 
Examiner, Art Unit 3686 

/Gerald J. O'Connor/ 
Supervisory Patent Examiner 
Group Art Unit 3686 

Gerald J. O'Connor /GJOC/
Supervisory Patent Examiner
Group Art Unit 3686

Vincent Millin /vm/
Appeals Practice Specialist



